authorJoseph Sutton <josephsutton@catalyst.net.nz>2023-02-07 09:48:37 +1300
committerJule Anger <janger@samba.org>2023-03-20 10:03:38 +0100
commita4193a790354414542eb8d049b0f77b9005f51cb (patch)
treeb76c8ea5023b0dac9cab2bc0451c186e965a9929
parentd096cd4ed92bd96523c2dbe42e99fa17783a7395 (diff)
downloadsamba-a4193a790354414542eb8d049b0f77b9005f51cb.tar.gz
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test
The object returned by schema_format_value() is a bytes object. Therefore the search expression would resemble: (lastKnownParent=<GUID=b'00000000-0000-0000-0000-000000000000'>) which, due to the extra characters, would fail to match anything. Fix it to be: (lastKnownParent=<GUID=00000000-0000-0000-0000-000000000000>) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rwxr-xr-xsource4/dsdb/tests/python/confidential_attr.py6
1 files changed, 3 insertions, 3 deletions
diff --git a/source4/dsdb/tests/python/confidential_attr.py b/source4/dsdb/tests/python/confidential_attr.py
index d5c7785485a..1c9c456917a 100755
--- a/source4/dsdb/tests/python/confidential_attr.py
+++ b/source4/dsdb/tests/python/confidential_attr.py
@@ -924,12 +924,12 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
self.assert_negative_searches(has_rights_to="all",
samdb=self.ldb_admin)
- def get_guid(self, dn):
+ def get_guid_string(self, dn):
"""Returns an object's GUID (in string format)"""
res = self.ldb_admin.search(base=dn, attrs=["objectGUID"],
scope=SCOPE_BASE)
guid = res[0]['objectGUID'][0]
- return self.ldb_admin.schema_format_value("objectGUID", guid)
+ return self.ldb_admin.schema_format_value("objectGUID", guid).decode('utf-8')
def make_attr_preserve_on_delete(self):
"""Marks the attribute under test as being preserve on delete"""
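Review bot: `get_guid_string` still returns its result with no check that it is a well-formed GUID string, so a repeat of the bytes-repr mistake would again produce a `lastKnownParent` filter that matches nothing, and nothing would flag it. That matters in a confidential-attribute test, because searches that are expected to return no results pass trivially when the filter itself is malformed. I would bind the decoded value to a local and add `self.assertRegex(guid_str, r'^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$')` before returning it, plus `self.assertEqual(len(res), 1)` before indexing `res[0]`. The pattern assumes schema_format_value() emits the canonical dashed form shown in the commit message, which should be confirmed.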
@@ -978,7 +978,7 @@ class ConfidentialAttrTestDirsync(ConfidentialAttrCommon):
# deleted objects, but only from this particular test run. We can do
# this by matching lastKnownParent against this test case's OU, which
# will match any deleted child objects.
- ou_guid = self.get_guid(self.ou)
+ ou_guid = self.get_guid_string(self.ou)
deleted_filter = "(lastKnownParent=<GUID={0}>)".format(ou_guid)
# the extra-filter will get combined via AND with the search expression